Re: svnadmin create and not being method agnostic

On Thu, Dec 30, 2010 at 9:41 AM, Bob Archer <Bob.Archer_at_amsi.com> wrote:

> Is there really that much overhead in deleting the binary and insuring the correct permissions are used on the repository folders to "keep the honest, honest?" After all, any one with root/administrator access is able to bypass anything you've done anyway.

That one's nasty. Since it runs on a "high numbered port", any user
can run a binary to access it, at least as long as the repository
folders are readable to that user. And since they are by default with
the 'svnadmin hotcopy' and 'svnadmin create' commands, well, it gets
difficult.

It's concievable to set the umask inside 'svnadmin create' to be 077,
and for 'svnadmin hotcopy' to replicate such permissions, but that
would take a lot more work and especially a *lot* more testing.

> It rather see the devs working on 1.7 WC features like a real "branch" command, performance, etc, rather than adding a config option that nobody will use.
>
> Also, if you want a more "secure" version of subversion package up your own binaries that don't include svnserve... let the svn dev's work on the stuff that we can't do with 3 or 4 lines of a batch/command file.
>
> BOb
>

That requires manual editing of the installer. Feasible for Subversion
RPM's, but a bit awkward for many other developers, and bound to cause
confusion.
Received on 2011-01-02 04:36:28 CET